Forefront Endpoint Protection 2010 Software Update 1 – SoftwareUpdateAutomation.exe

This is just a quick post to suggest a great way of using the SoftwareUpdateAutomation.exe utility used with FEP 2010 SU1.  You first need to copy the SoftwareUpdateAutomation.exe to the “<ConfigMgrInstallDir>\AdminUI\bin” folder on your Central Site server.

I have seen various blog posts that suggest creating a scheduled task to run on an interval appropriate to how often you expect FEP updates to be released by Microsoft, but I feel the best thing would be to schedule this utility (which updates your FEP Definitions Deployment and Software Update package) to run after a Synchronisation by your Software Update Point component.  Part of my reasoning for this is that the SoftwareUpdateAutomation.exe will trigger an update of your FEP 2010 Definitions Package regardless of the fact that there might be no changes to replicate.

To do this, simply create a scheduled task on your central server to run under an account with the proper permissions, use the command line;

SoftwareUpdateAutomation.exe /AssignmentName <YourAssignmentName> /PackageName <YourDeploymentPkgName> /RefreshDP /UpdateFilter "ArticleID='2461484' AND IsSuperseded=0 AND IsEnabled=1 AND IsExpired=0"

For the New Trigger properties, choose to begin the task ‘On an event’ and use the following parameters;

This will cause the task to fire shortly after a successful WSUS Synchronisation event (Log: Application; Source: SMS Server; Event ID: 6702.)  The 30 minute delay should allow sufficient time for your Software Update Point to complete the post-synchronisation shuffle of Status Messages around your infrastructure.

I think this is a more elegant solution than having it run regardless of your WSUS schedule and you can now control the frequency of this tool simply by altering your SUP Synchronisation Schedule – which you should be mindful of NOT doing too often if your infrastructure simply isn’t capable of making the changes on all Site Servers and Distribution Points before the next scheduled run.

Andy

Advertisements

About madluka

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: